HOWTO Utilize Spam Assassin

This is a howto for utilizing Spam Assassin, if it is already running on your mail server and is tagging your emails. This is not a howto for getting Spam Assassin working on your mail server.

When Spam Assassin is running, it adds some fields to the header of your emails that look something like this:

-----
X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on mail.server
X-Spam-Level: *
X-Spam-Status: No, score=1.6 required=5.0
tests=EXCUSE_3,FORGED_OUTLOOK_TAGS,
 HTML_50_60,HTML_FONT_BIG,HTML_MESSAGE,
 HTML_TAG_EXIST_TBODY,MIME_HTML_MOSTLY,MPART_ALT_DIFF
 autolearn=no version=3.0.2
-----

The “X-Spam-Status” field declares that “yes” the email is spam or “no” it is not. The “score” field is the spam score of the email, and “required” is the score that is required for Spam Assassin to declare that the email is spam. Under the tests field is a list of tests that the email has passed. Each passed test adds or subtracts points from an email’s score. For a listing of tests and their default rewards or penalties, see http://spamassassin.apache.org/tests.html.

Although Spam Assassin is run on every email you receive, nothing is done based on the results. So, in order to take advantage of Spam Assassin, you need to filter emails based on the added fields. One way to do that is to use procmail. This can be done by creating a file called .procmailrc in your home directory looking something like the following:

-----
SHELL=/bin/sh
PATH=/usr/bin:/usr/local/bin
MAILDIR=$HOME/mail
LOGFILE=$HOME/.proclog
VERBOSE=off
LOGABSTRACT=no
SPAMF=$HOME/mail/FILTERED/SPAM

:0
* ^X-Spam-Flag: YES$
$SPAMF
-----

A few words of caution. Other than the above, be careful trying to do things with procmail. Its probably a good idea to make a backup of your $HOME/mail directory before attempting anything new with procmail. (I have sent quite a bit of my inbox to /dev/null trying to do some fancy things.) Also, the .procmailrc file cannot be group or world readable or writable, or procmail will not work. So, if you edit .procmailrc through mounted Samba shares, be careful with the permissions. If you want to learn more about configuring procmail, just run “man procmailrc“.

In addition to Spam Assassin‘s pre-defined tests, Spam Assassin includes a Bayesian learner, i.e., you can use Spam Assassin to learn what is and what is not spam. The following discussion assumes that your mail folders are in the mbox format. I know this is the case for pine. It seems like a pretty standard format. However, if it is not the case for you, you may need to run “sa-learn --help” to figure out what option to use instead of “--mbox“.

The Bayesian learner can be used by doing the following. If you have a mail folder S that contains spam, run the following command on it: “sa-learn --showdots --mbox --spam S“. If you have a mail folder H that contains ham, i.e., non-spam messages, run the following command on it: “sa-learn --showdots --mbox --ham H“. I think you need to run the learner on at least 200 spam messages and 200 ham messages before Spam Assassin starts to make use of the learner. Once Spam Assassin starts to use the learner’s results, a series of Bayesian tests will be used by Spam Assassin. Currently, those tests are called BAYES_00, BAYES_05, BAYES_20, BAYES_40, BAYES_50, BAYES_60, BAYES_80, BAYES_95, and BAYES_99. BAYES_00 means the there is only a 0% to 1% chance the message is spam (according to the learner), while BAYES_99 means there is a >99% chance that the message is spam (according to the learner). Nothing needs to be done to use these tests, but you may wish to change the penalties/rewards (to an email’s spam score) that each test gives. For instance, you may want to say that if the Bayesian learner is 99% sure something is spam, then give it a score of 5, the amount required to declare the mail spam. Likewise, you might say that if the Bayesian learner thinks there is only a 0% to 1% chance that a mail is spam, lets give it a score of -3. To do this, you need to edit a file in your home directory called $HOME/.spamassassin/user_prefs, and add a line to the end of it such as “score BAYES_00 -3“. You can also do several other things in the preference file such as change the score required to declare an email spam. You can set up black and white email lists. To learn more about configuring Spam Assassin, check out http://www.spamassassin.org.

Advertisements

~ by Ryan Lefever on January 23, 2006.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: